Documentation for firewalls and luci


I would like to open ssh to the outside world so i can access specific machines on my internal network.

I'm trying to figure out how to do this using luci and haven't really found a good guide, I was hoping someone could point me to a how-to or example.

Most of the examples i see are for much older versions of openwrt and none of them use luci.


I think with the luci webinterface it is very easy to forward the ports. You just need to enter the name of the forwarding, the source zone, the external port, the internal zone and the internal ip address and port.

ok. Let me make some guesses as to how this would work.
I can then show the actual Luci set-up for travelers of this forum :slight_smile:

So the first thing to do is to decide what exactly this is, and you are saying this is port forwarding. so I get to the port forwarding tab and i assign a name "ssh".

now i have to decide on the protocol. it appears ssh only needs tcp so I'll set it to tcp only.

external zone : wan

external port : it occurs to me that the external port does NOT need to be 22. I can make it whatever I want so I'll do that.

the internal zone is now : lan

internal IP address : this would be the address of the specific machine.

and the internal port : the internal port to access ssh. once again this does NOT need to be 22, since I can set up the openssh server to use something else.

I've put in a screenshot of what this should look like without filling in any numbers.

One question I have is, what if I want it to go to any machine on the LAN. What do i enter for the address ? is it simply ?

Does what I've outlined seem right ?

Thank you!


No point to change that.

Either set up VPN or several port forwarding rules.
The former is preferable.

Not a network address, but a host IP-address.